China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security...

SUSE CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

CVE-2021-26691

A heap overflow flaw was found In Apache httpd modsession. The highest threat from this vulnerability is to system availability. Mitigation Only configurations which use the "SessionEnv" directive which is not widely used are vulnerable to this flaw. SessionEnv is not enabled in default...

CVE-2021-26690

A NULL pointer dereference was found in Apache httpd modsession. The highest threat from this vulnerability is to system availability. Mitigation Only configurations which use the "SessionEnv" directive which is not widely used are vulnerable to this flaw. SessionEnv is not enabled in default...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2593)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit i...

openSUSE Security Update : apache2 (openSUSE-2018-438)

This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...

BSA-2018-559

Security Advisory ID : BSA-2018-559 Component : Apache HTTPD Revision : 2.0: Final Apache HTTP Server httpd modsession modulehas an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session"...

CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...